[MAVEN:GHSA-WFW6-MMMP-87XM] Improper Input Validation in Apache Batik

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Package	Affected Version
pkg:maven/org.apache.xmlgraphics/batik	>= 1.0, < 1.8

Package	Fixed Version
pkg:maven/org.apache.xmlgraphics/batik	= 1.8

ID

MAVEN:GHSA-WFW6-MMMP-87XM

Severity

moderate

URL

https://github.com/advisories/GHSA-wfw6-mmmp-87xm

Published

2022-05-17T00:28:34
(2 years ago)

Modified

2023-01-27T05:02:35
(20 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2015-0250
			http://advisories.mageia.org/MGASA-2015-0138.html
			http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html
			http://rhn.redhat.com/errata/RHSA-2016-0041.html
			http://rhn.redhat.com/errata/RHSA-2016-0042.html
			http://seclists.org/fulldisclosure/2015/Mar/142
			http://www-01.ibm.com/support/docview.wss?uid=swg21963275
			http://www.debian.org/security/2015/dsa-3205
			http://www.mandriva.com/security/advisories?name=MDVSA-2015:203
			http://www.securitytracker.com/id/1032781
			http://www.ubuntu.com/usn/USN-2548-1
			http://xmlgraphics.apache.org/security.html
			https://github.com/advisories/GHSA-wfw6-mmmp-87xm

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.xmlgraphics/batik	org.apache.xmlgraphics	batik	>= 1.0 < 1.8
Fixed	pkg:maven/org.apache.xmlgraphics/batik	org.apache.xmlgraphics	batik	= 1.8

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date